Posted
by
EditorDavid
on Sunday September 17, 2017 @12:14AM
from the pernicious-packages dept.

An anonymous reader quotes BleepingComputer:
The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI -- Python Package Index -- the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages -- e.g.: "urlib" instead of "urllib." The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online.

Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts. "These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code," NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user's computer hostname. Collected data, which looked like "Y:urllib-1.21.1 admin testmachine", was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday."
The advisory lays some of the blame on Python's 'pip' tool, which executes arbitrary code during installations without requiring a cryptographic signature.

Posted
by
EditorDavid
on Saturday September 09, 2017 @09:10PM
from the is-simple-better-than-complex? dept.

An anonymous reader quotes Stack Overflow Blog:
In this post, we'll explore the extraordinary growth of the Python programming language in the last five years, as seen by Stack Overflow traffic within high-income countries. The term "fastest-growing" can be hard to define precisely, but we make the case that Python has a solid claim to being the fastest-growing major programming language... June 2017 was the first month that Python was the most visited [programming language] tag on Stack Overflow within high-income nations. This included being the most visited tag within the US and the UK, and in the top 2 in almost all other high income nations (next to either Java or JavaScript). This is especially impressive because in 2012, it was less visited than any of the other 5 languages, and has grown by 2.5-fold in that time. Part of this is because of the seasonal nature of traffic to Java. Since it's heavily taught in undergraduate courses, Java traffic tends to rise during the fall and spring and drop during the summer.

Does Python show a similar growth in the rest of the world, in countries like India, Brazil, Russia and China? Indeed it does. Outside of high-income countries Python is still the fastest growing major programming language; it simply started at a lower level and the growth began two years later (in 2014 rather than 2012). In fact, the year-over-year growth rate of Python in non-high-income countries is slightly higher than it is in high-income countries... We're not looking to contribute to any "language war." The number of users of a language doesn't imply anything about its quality, and certainly can't tell you which language is more appropriate for a particular situation. With that perspective in mind, however, we believe it's worth understanding what languages make up the developer ecosystem, and how that ecosystem might be changing. This post demonstrated that Python has shown a surprising growth in the last five years, especially within high-income countries.
The post was written by Stack Overflow data scientist David Robinson, who notes that "I used to program primarily in Python, though I have since switched entirely to R."

Posted
by
EditorDavid
on Sunday September 03, 2017 @03:29AM
from the fighting-for-the-future dept.

"I can't remember the last time I cared about Mozilla," writes Matt Asay at TechRepublic. "I also can't remember a time when we needed it more."
An anonymous reader quotes TechRepublic:
Mozilla's Firefox is almost a rounding error in desktop market share, and nonexistent in mobile browser market share. It offers a few other services, like Pocket, but largely gets ignored... This is a mistake. Our world is increasingly mediated by the internet, and that internet has just a few gatekeepers, collecting tolls as we browse. As Python guru Matt Harrison put it, "Vendors control the default browser which 99.9% of people use." Those vendors are happy to sell us access to information. Nothing about it is free. You are most definitely the product.

On mobile, where the majority of the world's content is now consumed, Google and Facebook own eight of the top 10 apps, with apps devouring 87% of our time spent on smartphones and tablets, according to new comScore data. For that remaining 13% of time spent on the mobile web, Google and Apple offer the two dominant browsers... the majority of our time online is now mediated by just a few megacorporations, and for the most part their top incentive is to borrow our privacy just long enough to target an ad at us. Then there's Mozilla, an organization whose mantra is "Internet for people, not profit." That feels like a necessary voice to add to today's internet oligopoly, but it's not one we're hearing... We clearly need an organization standing up for web freedom, as expecting Google to do that is like asking the fox to guard the henhouse. Google does many great things, but its clear incentive is to sell ads. We are Google's product, as the saying goes.
The article applauds the Mozilla-sponsored Rust programming language as promising, "but not to save the web from the all-consuming embrace of Facebook and Google, especially as they wall off the experience in apps...
"If I sound like I don't know what to propose Mozilla should do, it's because I don't. I simply feel strongly that the role Mozilla played in the early browser wars needs to be resurrected to save the web today."

Posted
by
EditorDavid
on Sunday September 03, 2017 @12:24AM
from the changelog-of-the-internet dept.

An anonymous reader quotes an announcement from Reddit's founding engineer:
When we open sourced Reddit back in 2008, Reddit Inc was a ragtag organization and the future of the company was very uncertain. We wanted to make sure the community could keep the site alive should the company go under and making the code available was the logical thing to do. Nine years later and Reddit is a very different company and as anyone who has been paying attention will have noticed, we've been doing a bad job of keeping our open-source product repos up to date. This is for a variety of reasons, some intentional and some not so much:

Open-source makes it hard for us to develop some features "in the clear" (like our recent video launch) without leaking our plans too far in advance. As Reddit is now a larger player on the web, it is hard for us to be strategic in our planning when everyone can see what code we are committing. Because of the above, our internal development, production and "feature" branches have been moving further and further from the "canonical" state of the open source repository... We are actively moving away from the "monolithic" version of reddit that works using only the original repository... Because of these reasons, we are making the following changes to our open-source practice. We're going to archive reddit/reddit and reddit/reddit-mobile. These will still be accessible in their current state, but will no longer receive updates.
The announcement has been condensed slightly, but Reddit's founding engineer insists that "We believe in open source, and want to make sure that our contributions are both useful and meaningful. We will continue to open source tools that are of use to engineers everywhere." In addition, "Much of the core of Reddit is based on open source technologies (Postgres, python, memcached, Cassanda to name a few!) and we will continue to contribute to projects we use and modify..."

"Those who have been paying attention will realize that this isn't really a change to how we're doing anything but rather making explicit what's already been going on."

Posted
by
msmash
on Wednesday August 30, 2017 @03:25PM
from the data-is-beautiful dept.

Stack Overflow data scientist David Robinson published an interesting observation: There exists a small but meaningful divide between the programming technologies used in wealthy countries and those used in developing countries. From a report: To be sure, programmers everywhere tend to build things with the same tools, which makes sense because software is a global industry. The first is in data science, which tends to employ the programming languages Python and R. "Python is visited about twice as often in high-income countries as in the rest of the world, and R about three times as much," Robinson writes. "We might also notice that among the smaller tags, many of the greatest shifts are in scientific Python and R packages such as pandas, numpy, matplotlib and ggplot2. This suggests that part of the income gap in these two languages may be due to their role in science and academic research. It makes sense these would be more common in wealthier industrialized nations, where scientific research makes up a larger portion of the economy and programmers are more likely to have advanced degrees." C and C++ use is similarly skewed toward wealthy countries. This is likely for a similar reason. These are languages that are pushed in American universities. They also tend to be used in highly specialized/advanced programming fields like embedded software and firmware development where you're more likely to find engineers with advanced degrees.

Posted
by
EditorDavid
on Sunday August 13, 2017 @04:35PM
from the art-of-programming dept.

An anonymous reader quotes Motherboard:
If the esoteric programming language Asciidots looks like a mess, it is at least a very different-looking and even aesthetically pleasing mess. Simply, its mechanics and syntax are based on Ascii art... Asciidots is a unique sort of programming language known as a dataflow language. In this sort of language, we can imagine units of data (like our variable x) following a data go-kart track that's interrupted in different places with pit stops that change the value of the data go-kart that's following the track around. One pit stop might add 1 to the variable, while another might chop it in half. At some points, the track might even split, with the data go-kart picking one fork depending on its current value. If, say, it's greater than 2 it might go left; otherwise, it goes right...

In Asciidots, the aforementioned go-kart track is represented by lines (|,-,/,\)... Most of the other non-line symbols are mathematical operators, but there are also symbols that direct the program to request input from the user, set values, print values, and change the direction of the unit of data... Under the hood, Asciidots is a Python program. An Asciidots program is just fed into that underlying program and digested into normal Python code, which is then executed.
The article includes some examples, and argues that esoteric esolangs like Asciidots force programmers to consider fresh perspectives. And in addition, "it looks really cool."

Posted
by
EditorDavid
on Saturday August 05, 2017 @10:34AM
from the core-applications dept.

AmiMoJo brings news about gedit, the default text editor for GNOME:
In a post to the gedit mailing list, Sébastien Wilmet states that gedit is no longer maintained and asks "any developer interested to take over the maintenance of gedit?" Just in case you were considering it, he warns "BTW while the gedit core is written in C (with a bit of Objective-C for Mac OS X support), some plugins are written in Vala or Python. If you take over gedit maintenance, you'll need to deal with four programming languages (without counting the build system). The Python code is not compiled, so when doing refactorings in gedit core, good luck to port all the plugins (the Python code is also less "greppable" than C). At least with Vala there is a compiler, even if I would not recommend Vala."
Sébastien's comments were surrounded by a <rant-on-languages> tag, but they're still crying out for some serious discussion. Any Slashdot readers want to share their own insights on Python, some fond thoughts on gedit, or suggestions for maintaining a great piece of open source software?

Posted
by
msmash
on Monday July 31, 2017 @04:00PM
from the security-woes dept.

An anonymous reader shares a news post: Following the recent WannaCry and Petya ransomware attacks, Microsoft recommended all Windows 10 users to remove the unused but vulnerable SMBv1 file sharing protocol from their PCs. This is because both variants of the ransomware actually used the same SMBv1 exploit to replicate through network systems, even though it seems that Petya mostly affected Windows PCs in Ukraine. Anyway, if you haven't turned off the protocol on the PC already, you really should: Not only because new WannaCry/Petya variants could once again use the same vulnerability again to encrypt your files, but because another 20-year-old flaw has just been unveiled during the recent DEF CON hacker conference. The SMB security flaw called "SMBLoris" was discovered by security researchers at RiskSense, who explained that it can lead to DoS attacks affecting every version of the SMB protocol and all versions of Windows since Windows 2000. More importantly, a Raspberry Pi and just 20 lines of Python code are enough to put a Windows server to its knees.

Posted
by
EditorDavid
on Sunday July 30, 2017 @06:39PM
from the United-States-of-Developers dept.

An anonymous reader writes:
Palo Alto-based HackerRank, which offers online programmng challenges, "dug into our data of about 450,000 unique U.S. developers to uncover which states are home to the best software engineers, and which pockets of the country have the highest rate of developer growth." Examining the 24 months from 2015 through the end of 2016, they calculated the average score for each state in eight programming-related domains. (Algorithms, data structures, functional programming, math, Java, Ruby, C++, and Python.) But it seems like low-population states would have fewer people taking the tests, meaning a disproportionate number of motivated and knowledgeable test takers could drastically skew the results. Sure enough, Wyoming -- with a population of just 584,153 -- has the smallest population of any U.S. state, but the site's second-highest average score, and the top score in three subject domains -- Ruby, data structures, and algorithms. And the District of Columbia -- population 681,170 -- has the highest average score for functional programming.

California, New York and Virginia still had the highest number of developers using the site, while Alaska, Wyoming and South Dakota not surprisingly had the least number of developers. But maybe the real take-away is that programmers are now becoming more distributed. HackerRank's announcement notes that the site "found growing developer communities and skilled developers all across the country. Previously, the highest concentrations of developers did not stray far from the tech hubs in California. Hawaii, Colorado, Virginia, and Nevada demonstrated the fastest growth in terms of developer activity on the HackerRank platform..." In addition, "we've had a noticeable uptick in customers across industries, from healthcare to retail and finance, with strong demand for identifying technical skills quickly."
Their conclucion? "Today, as the demand for developers goes beyond technology and as there is more opportunity to work remotely, there's a more distributed workforce of skilled developers across the nation, from the Rust Belt to the East Coast... Software developers aren't just attached to VCs, startups or Silicon Valley anymore."

Posted
by
EditorDavid
on Sunday July 30, 2017 @05:34PM
from the version-conversions dept.

An anonymous reader quotes Phoronix:
Finalizing Fedora's switch from Python 2 to Python 3 by default is still going to take several more Fedora release cycles and should be done by the 2020 date when Python 2 will be killed off upstream. While much of Fedora's Python code is now compatible with Py3, the /usr/bin/python still points to Python 2, various python-* packages still mean Python 2... The end game is to eventually get rid of Python 2 from Fedora but that is even further out.
Fedora is now gathering feedback on a Wiki page explaining the switch.

Posted
by
EditorDavid
on Saturday July 29, 2017 @12:34PM
from the C-u-later dept.

An anonymous reader quotes InfoWorld:
Proponents of Rust, the language engineered by Mozilla to give developers both speed and memory safety, are stumping for the language as a long-term replacement for C and C++. But replacing software written in these languages can be a difficult, long-term project. One place where Rust could supplant C in the short term is in the traditionally C libraries used in other languages... [A] new spate of projects are making it easier to develop Rust libraries with convenient bindings to Python -- and to deploy Python packages that have Rust binaries.
The article specifically highlights these four new projects:

Posted
by
EditorDavid
on Saturday July 22, 2017 @09:34PM
from the batteries-included dept.

An anonymous reader quotes IEEE Spectrum's annual report on the top programming languages:
As with all attempts to rank the usage of different languages, we have to rely on various proxies for popularity. In our case, this means having data journalist Nick Diakopoulos mine and combine 12 metrics from 10 carefully chosen online sources to rank 48 languages. But where we really differ from other rankings is that our interactive allows you choose how those metrics are weighted when they are combined, letting you personalize the rankings to your needs. We have a few preset weightings -- a default setting that's designed with the typical Spectrum reader in mind, as well as settings that emphasize emerging languages, what employers are looking for, and what's hot in open source...

Python has continued its upward trajectory from last year and jumped two places to the No. 1 slot, though the top four -- Python, C, Java, and C++ -- all remain very close in popularity. Indeed, in Diakopoulos's analysis of what the underlying metrics have to say about the languages currently in demand by recruiting companies, C comes out ahead of Python by a good margin... Ruby has fallen all the way down to 12th position, but in doing so it has given Apple's Swift the chance to join Google's Go in the Top Ten... Outside the Top Ten, Apple's Objective-C mirrors the ascent of Swift, dropping down to 26th place. However, for the second year in a row, no new languages have entered the rankings. We seem to have entered a period of consolidation in coding as programmers digest the tools created to cater to the explosion of cloud, mobile, and big data applications.
"Speaking of stabilized programming tools and languages," the article concludes, "it's worth noting Fortran's continued presence right in the middle of the rankings (sitting still in 28th place), along with Lisp in 35th place and Cobol hanging in at 40th."

Posted
by
EditorDavid
on Saturday July 15, 2017 @07:42PM
from the up-next:-vim-versus-emacs dept.

Jason Baker, a Red Hat data analyst, doesn't believe developers who use spaces make more money than those who use tabs. An anonymous reader quotes Baker's blog post:
After reading the study one data scientist, Evelina Gabasova, performed some additional analysis and came to a slightly different conclusion, which feels a little more precise: "Environments where people use Git and contribute to open source are more associated both with higher salaries and spaces, rather than with tabs." In other words, if you're at a company where you're using version control and committing open source code upstream, you're statistically a little more likely to be a space-user and a higher wage-earner.
Even across all experience levels, contributing to open source still correlates to higher salaries, Gabasova concludes. "My theory is that when diverse people are working on open source projects together without enforced coding style, the possible formatting mess is nudging people towards using spaces simply because the code is consistent for everyone.

"This is just one of the possible theories, I didn't look to see if possibly language communities that use predominantly spaces (like Python or Ruby) are more active in open source."

Posted
by
EditorDavid
on Saturday July 01, 2017 @09:06PM
from the not-about-TIOBE dept.

An anonymous reader quotes Computerworld:
Ruby has had a reputation as a user-friendly language for building web applications. But its slippage in this month's RedMonk Programming Language Rankings has raised questions about where exactly the language stands among developers these days. The twice-yearly RedMonk index ranked Ruby at eighth, the lowest position ever for the language. "Swift and now Kotlin are the obvious choices for native mobile development. Go, Rust, and others are clearer modern choices for infrastructure," said RedMonk analyst Stephen O'Grady. "The web, meanwhile, where Ruby really made its mark with Rails, is now an aggressively competitive and crowded field." Although O'Grady noted that Ruby remains "tremendously popular," participants on sites such as Hacker News and Quora have increasingly questioned whether Ruby is dying. In the Redmonk rankings, Ruby peaked at fourth place in 2013, reinforcing the perception it is in decline, if a slow one.

Posted
by
EditorDavid
on Monday June 12, 2017 @03:30AM
from the Python-vs-PHP dept.

An anonymous reader shares their thoughts on language popuarity:
In the PYPL index, which is based on Google searches and is supposed to be forward looking, the trend is unmistakable. Python is rising fast and Java and others are declining. Combine this with the fact that Python is now the most widely taught language in the universities. In fields such as data science and machine learning, Python is already dominating. "Python where you can, C++ where you must" enterprises are following suit too, especially in data science but for everything else from web development to general purpose computing...

People who complain that you can't build large scale systems without a compiler likely over-rely on the latter and are slaves to IDEs. If you write good unit tests and enforce Test Driven Development, the compiler becomes un-necessary and gets in the way. You are forced to provide too much information to it (also known as boilerplate) and can't quickly refactor code, which is necessary for quick iterations.
The original submission ends with a question: "Is Python going to dominate in the future?" Slashdot readers should have some interesting opinions on this. So leave your own thoughts in the comments. Will Python become the dominant programming language?

Posted
by
EditorDavid
on Sunday June 04, 2017 @12:44AM
from the tracking-the-code dept.

Slashdot reader dryriver writes:
There appear to be two main ways to write code today. One is with text-based languages ranging from BASIC to Python to C++. The other is to use a flow-based or dataflow programming-based visual programming language where you connect boxes or nodes with lines. What I have never (personally) come across is a way to program by drawing classical vertical (top to bottom) flow charts. Is there a programming environment that lets you do this...?

There are software tools that can turn, say, C code into a visual flow chart representation of said C code. Is there any way to do the opposite -- draw a flowchart, and have that flowchart turn into working C code?
Leave your best answers in the comments.

Posted
by
EditorDavid
on Saturday May 27, 2017 @02:34PM
from the data-about-distros dept.

An anonymous reader quotes DistroWatch:
Natanael Copa has announced the release of Alpine Linux 3.6.0. Alpine Linux is an independent, minimal operating system that is well suited to running servers, routers and firewalls. Version 3.6.0 introduces support for 64-bit POWER machines, 64-bit IBM z Systems computers and features many up to date packages, including PHP 7.1, LLVM 4.0 and version 6.3 of the GNU Compiler.
"Noteworthy new packages" include Rust 1.17.0 and Cargo 0.18.0, as well as Julia 0.5.2, as we ll as "significant updates" like Go 1.8, Python 3.6, and Ruby 2.4. And in addition, "MD5 and SHA-1 hashes have been removed from APKBUILDs, being obsoleted by SHA-512."

Posted
by
BeauHDon Wednesday May 24, 2017 @06:00PM
from the inside-job dept.

In an effort to fill the demand for trained data scientists, Airbnb will be running its own university-style program, complete with a custom course-numbering system. Since traditional online programs like Coursera and Udacity weren't getting the job done because they weren't tailored to Airbnb's internal data and tools, the company "decided to design a bunch of courses of its own around three levels of instruction for different employee needs," reports TechCrunch. From the report: 100-level classes on data-informed decision making have been designed to be applicable to all teams, including human resources and business development. Middle-tier classes on SQL and Superset have enabled some non-technical employees to take on roles as project managers, and more intensive courses on Python and machine learning have helped engineers brush up on necessary skills for projects. Since launching the program in Q3 2016, Airbnb has seen the weekly active users of its internal data science tools rise from 30 to 45 percent. A total of 500 Airbnb employees have taken at least one class -- and Airbnb has yet to expand the program to all 22 of its offices.

The president of one job leadership consultancy argues C and C++ coders will soon be as obsolete as Cobol programmers. "The entire world has gone to Java or .Net. You still find C++ coders in financial companies because their systems are built on that, but they're disappearing."

A data scientist at Stack Overflow "says demand for PHP, WordPress, and LAMP skills are seeing a steady decline, while newer frameworks and languages like React, Angular, and Scala are on the rise."

The CEO and co-founder of an anonymous virtual private network service says "The rise of Azure and the Linux takeover has put most Windows admins out of work. Many of my old colleagues have had to retrain for Linux or go into something else entirely."

In addition, "Thanks to the massive migration to the cloud, listings for jobs that involve maintaining IT infrastructure, like network engineer or system administrator, are trending downward, notes Terence Chiu, vice president of careers site Indeed Prime."

The CTO of the job site Ladders adds that Smalltalk, Flex, and Pascal "quickly went from being popular to being only useful for maintaining older systems. Engineers and programmers need to continually learn new languages, or they'll find themselves maintaining systems instead of creating new products."

The president of Dice.com says "Right now, Java and Python are really hot. In five years they may not be... jobs are changing all the time, and that's a real pain point for tech professionals."

But the regional dean of Northeastern University-Silicon Valley has the glummest prediction of all. "If I were to look at a crystal ball, I don't think the world's going to need as many coders after 2020. Ninety percent of coding is taking some business specs and translating them into computer logic. That's really ripe for machine learning and low-end AI."

Posted
by
msmash
on Monday May 01, 2017 @11:20AM
from the evolution dept.

An anonymous reader shares a Scientific American article: Programming has changed. In first generation languages like FORTRAN and C, the burden was on programmers to translate high-level concepts into code. With modern programming languages -- I'll use Python as an example -- we use functions, objects, modules, and libraries to extend the language, and that doesn't just make programs better, it changes what programming is. Programming used to be about translation: expressing ideas in natural language, working with them in math notation, then writing flowcharts and pseudocode, and finally writing a program. Translation was necessary because each language offers different capabilities. Natural language is expressive and readable, pseudocode is more precise, math notation is concise, and code is executable. But the price of translation is that we are limited to the subset of ideas we can express effectively in each language. Some ideas that are easy to express computationally are awkward to write in math notation, and the symbolic manipulations we do in math are impossible in most programming languages. The power of modern programming languages is that they are expressive, readable, concise, precise, and executable. That means we can eliminate middleman languages and use one language to explore, learn, teach, and think.